﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Data.OleDb;
using System.Data.SqlClient;

namespace LayoutTemplate
{
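    /// <summary>
    /// Code-behind for the login page: checks the submitted credentials against the
    /// ThanhVien table, stores the member id in the session, records it in the
    /// application-wide "UserOnline" list and redirects to the matching landing page.
    /// </summary>
    public partial class Login : System.Web.UI.Page
    {
        /// <summary>
        /// Handles the login button click.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            // NOTE(review): the connection string is hard-coded here; keeping it in
            // Web.config would let it change per environment without a rebuild.
            string connectionString = "Server = (local); Database = PTUDW; Integrated Security = True;";

            // NOTE(review): MatKhau is compared directly with the submitted password,
            // which suggests passwords are stored unhashed -- confirm against the schema.
            // If so, store a salted, slow hash (e.g. PBKDF2) and verify against that instead.
            string sql = "select MaThanhVien from ThanhVien where TenDangNhap = @user and MatKhau = @pass";

            string userIdSuccess;

            // Dispose the connection and command deterministically; the original left
            // the connection open until finalization on every login attempt.
            using (SqlConnection con = new SqlConnection(connectionString))
            using (SqlCommand commandForCheckUser = new SqlCommand(sql, con))
            {
                // The values are bound as parameters, so they are never parsed as SQL
                // and stripping quote characters from the input is unnecessary.
                commandForCheckUser.Parameters.AddWithValue("@user", txtUsername.Text);
                commandForCheckUser.Parameters.AddWithValue("@pass", txtPassword.Text);

                con.Open();

                // ExecuteScalar yields null when no row matches; Convert.ToString maps that to "".
                userIdSuccess = Convert.ToString(commandForCheckUser.ExecuteScalar());
            }

            if (string.IsNullOrEmpty(userIdSuccess))
            {
                Response.Write("Sai");
                return;
            }

            // NOTE(review): the session identifier is not rotated on successful login;
            // consider issuing a fresh session id here to guard against session fixation.
            Session["userid"] = userIdSuccess;

            // Record the user BEFORE redirecting: Response.Redirect(url) ends the
            // response, so statements placed after it never ran in the original.
            RegisterOnlineUser(userIdSuccess);

            // Member id 1 is treated as the administrator account.
            string target = userIdSuccess == Convert.ToString(1)
                ? "~/admin.aspx"
                : "~/MemberPage.aspx";
            Response.Redirect(target);
        }

        /// <summary>
        /// Appends a member id to the comma-separated "UserOnline" application entry.
        /// </summary>
        /// <param name="userId">The id of the member who just logged in.</param>
        private void RegisterOnlineUser(string userId)
        {
            // Application state is shared by all requests; lock around the read-modify-write.
            Application.Lock();
            try
            {
                // Compare by value: the entry is null until first written, and
                // `object == ""` is a reference comparison that would miss that case.
                string current = Convert.ToString(Application["UserOnline"]);
                Application["UserOnline"] = string.IsNullOrEmpty(current)
                    ? userId
                    : current + ", " + userId;
            }
            finally
            {
                Application.UnLock();
            }
        }
    }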
}